Module Name:	krb5
Committed By:	hartmans
Date:		Mon Mar 17 01:03:11 UTC 2003

Modified Files:
	 krb5/src/kdc/ChangeLog krb5/src/kdc/kdc_util.h
		krb5/src/kdc/kerberos_v4.c krb5/src/kdc/main.c
		krb5/src/krb524/ChangeLog krb5/src/krb524/cnv_tkt_skey.c
		krb5/src/krb524/krb524d.c krb5/src/lib/kdb/ChangeLog
		krb5/src/lib/kdb/keytab.c
Added Files:

Removed Files:


Log Message
Ticket: 1385
Target_Version: 1.3
Tags: pullup

Disable krb4 cross-realm in krb524d and krb5kdc.  Provide an option to
reenable (-X) which prints a warning that you are creating a security
hole.

Remove support for generating krb4 tickets encrypted using 3DES
service keys as it is insecure.  They are still accepted however.

The KDc is much more strict about accepting only tickets that it would
have issued in the current configuration.  In particular if the KDC
would choose some enctype for writing a TGT, other enctypes will not
be accepted when using a TGT.


To generate a diff of this commit:
	cvs diff -r5.251 -r5.252 krb5/src/kdc/ChangeLog
	cvs diff -r5.53 -r5.54 krb5/src/kdc/kdc_util.h
	cvs diff -r5.87 -r5.88 krb5/src/kdc/kerberos_v4.c
	cvs diff -r5.115 -r5.116 krb5/src/kdc/main.c
	cvs diff -r1.122 -r1.123 krb5/src/krb524/ChangeLog
	cvs diff -r1.28 -r1.29 krb5/src/krb524/cnv_tkt_skey.c
	cvs diff -r1.55 -r1.56 krb5/src/krb524/krb524d.c
	cvs diff -r5.147 -r5.148 krb5/src/lib/kdb/ChangeLog
	cvs diff -r5.16 -r5.17 krb5/src/lib/kdb/keytab.c